<?php
session_start();
require("../db_conn.php");
if(isset($_POST))
{
   if($_SESSION['code']==$_POST['yzm'])
       {
    $yhm=$_POST['yhm'];
    $mm=$_POST['mm'];
    
  $sql="select * from users where username='$yhm'";
  $rs=$db->query($sql);
  $row=$rs->fetch_assoc();
  if($row)
  {
     if( $row['dlmm']==md5($mm))
     {
      header("Location:user.php");
  }
 else {
       echo "<script>alert('密码错误！');window.location.href='login.php'</script>";
  }
  }
  else
  {
      echo "<script>alert('用户名错误！');window.location.href='login.php'</script>";
      
  }
   }
   else
       {
      echo "<script>alert('验证码错误！');window.location.href='login.php'</script>";  
   }
}

